Data Governance

User data access needs change, and access permissions are seldom revoked; users accumulate more and more access authorization over time. Organizations lack the ability to see who is accessing data and what they’ve accessed, identify excessive permissions, and identify data owners.

Data classification and categorization available on the fly

Get real time alerts on events of interest, such as changes made outside of change control hours

Identify changes in group members and permissions

By combining user and group information taken from Active Directory, LDAP, or other directory services with a complete picture of the file system.
SECNOLOGY gives organizations a complete picture of their permissions structure. Flag, tag and annotate your files and folders to track, analyze and report on users, groups and data.
SECNOLOGY also shows every user and group that can access data as well as every folder that can be accessed by them.

Because there is an audit of every file access, SECNOLOGY can perform analysis of user activity in real-time to effectively identify business data owners. Organizations can also assign owners to any folder group. Reports concerning data access, activity, changes to their folders and groups, and stale data can be provided automatically to data owners to involve them directly in the data governance process. As owners change, they may be cloned or replaced to simplify data ownership maintenance.

GDPR & Data Governance

The implementation of the General Data Protection Regulation (GDPR) is linked to a company’s data governance program. Companies must have clear insight into the data they have that falls under these regulations. Successful organizations will architect information capabilities that not only manage the lineage of these data assets, but also actively assess vulnerabilities and risk mitigation activities.

GDPR will introduce significant changes, including via the following concepts:

Transparency and Consent

The information to be provided to and permissions required from individuals to justify the use of their personal data. The GDPR’s requirements, including for consent to be unambiguous and not to be assumed from inaction, will mean that many data protection notices will need to be amended.

Regulated data

The definitions of “Personal Data” and “Sensitive Data” have been expanded, for instance, the latter now includes genetic and biometric data.

Enhanced rights

Data Subjects are given substantial rights, including the right to be forgotten, data portability rights and the right to object to automated decision making.

Pseudonymisation

A privacy enhancing technique where information which allows data to be attributed to a specific person is held separately and subject to technical and organizational measures to ensure non-attribution.

Personal Data Breach

A new security breach communication law is introduced for all data controllers regardless of their sector.

Data protection by design and accountability

Organizations are required to adopt significant new technical and organizational measures to demonstrate their GDPR compliance.

Supervisory authorities and the EDPB

Regulatory oversight of data protection will change significantly, including via the introduction of a new lead authority for certain organizations.